diagrid mcpserver access test
Test whether a caller is allowed to call a tool on an MCP server
Description
Test whether a caller is allowed to call a tool on an MCP server.
The server's access policy is read from the control plane and evaluated locally using the same OPA middleware the sidecar enforces with, so the verdict matches what runtime enforcement would decide for that tools/call. No call is made to the MCP server itself.
diagrid mcpserver access test <mcpserver> [flags]
Examples
# Check whether agent-a is allowed to call the "query" tool on my-mcp.
diagrid mcpserver access test my-mcp --project my-project --caller agent-a --tool query
# Check the any-caller grant.
diagrid mcpserver access test my-mcp --project my-project --caller '*' --tool query
Options
-p, --project string Name of existing project
--caller string App ID of the caller to simulate (use '*' to test the any-caller grant)
--tool string Name of the tool the caller attempts to call
-o, --output string Output format, supported [table, yaml, json] (default "table")
-h, --help help for test
Options inherited from parent commands
--api-key string Diagrid Cloud API key
SEE ALSO
- diagrid mcpserver access - Manage per-tool authorization for an MCP server